Summary
The Jester malware gives threat actors greater tools to attack computers in more sophisticated ways.
It has grown in prominence in the underground cyber crime market due to its ease of use and low cost.The malware is a.net-based malware that spreads by phishing emails and disguises itself as a txt, jar, bat, ps1, png, doc, xls, pdf, mp3, mp4, or ppt attachment.
Threat actors, on the other hand, used YouTube videos to promote random distribution channels such as pirated content and hacking tools.
Jester Stealer is a multi functional malware that includes stealer, clipper, crypto-miner, and botnet functionality.
It communicates via AES-CBC-256 encryption, works with Tor network servers, sends logs to Telegram bots, and stores stolen data in memory before exfiltrating it.
Jester is interested in the following information:
-
- Browsers: Passwords, credit cards, cookies, autofill data, browsing history, and bookmarks of 20+ web browsers
- Email clients: Thunderbird, Outlook, and FoxMail
- IM apps: Telegram, Discord, WhatsApp, Signal, and Pidgin
- Crypto wallets: Atomic, Coinomi, Electrum, Exodus, Guarda, Jaxx, Wasabi, Zcash, BitcoinCore, DashCore, LiteCore, MoneroCore
- Password managers: KeePass, NordPass, LastPass, BitWarden, 1Password, RoboForm, and ten more password managers.
- Gaming software: Steam sessions, Twitch, and OBS profiles with broadcasting keys
- VPN clients: Windscribe VPN, NordVPN, EarthVPN, ProtonVPN, and OpenVPN
- FTP clients: FileZilla, CoreFTP, WinSCP, and Snowflake
Recommendations
- Companies must keep their systems up to date.
- Organizations SHOULD ALWAYS keep an eye on network traffic for malicious activity sent by threat actors.
- Organizations must regularly raise awareness about social engineering instances and offer workshops and trainings on how to protect themselves from such attacks.
- Using intrusion detection and prevention systems will assist keep the network in good shape.
- Make use of advanced e-mail security software.
- Make use of powerful end-point protection and detection solutions that include ransomware rollback capabilities.
